diff options
Adds session authentication upon NewUserConnections. Adds user key authentication (in safemode only) upon CreateChildAgents. All of this for Hypergrid users too. This addresses assorted spoofing vulnerabilities.
Diffstat (limited to 'OpenSim/Region/Framework/Scenes')
-rw-r--r-- | OpenSim/Region/Framework/Scenes/Scene.cs | 93 |
1 files changed, 55 insertions, 38 deletions
diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs index c26adc0..5ffa64c 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.cs | |||
@@ -40,6 +40,7 @@ using OpenMetaverse.Imaging; | |||
40 | using OpenSim.Framework; | 40 | using OpenSim.Framework; |
41 | using OpenSim.Framework.Communications; | 41 | using OpenSim.Framework.Communications; |
42 | using OpenSim.Framework.Communications.Cache; | 42 | using OpenSim.Framework.Communications.Cache; |
43 | using OpenSim.Framework.Communications.Clients; | ||
43 | using OpenSim.Framework.Console; | 44 | using OpenSim.Framework.Console; |
44 | using OpenSim.Region.Framework.Interfaces; | 45 | using OpenSim.Region.Framework.Interfaces; |
45 | using OpenSim.Region.Framework.Scenes.Scripting; | 46 | using OpenSim.Region.Framework.Scenes.Scripting; |
@@ -2372,64 +2373,80 @@ namespace OpenSim.Region.Framework.Scenes | |||
2372 | /// <param name="agent"></param> | 2373 | /// <param name="agent"></param> |
2373 | public bool NewUserConnection(AgentCircuitData agent) | 2374 | public bool NewUserConnection(AgentCircuitData agent) |
2374 | { | 2375 | { |
2375 | CapsModule.NewUserConnection(agent); | 2376 | bool goodUserConnection = AuthenticateUser(agent); |
2376 | 2377 | ||
2377 | ScenePresence sp = m_sceneGraph.GetScenePresence(agent.AgentID); | 2378 | if (goodUserConnection) |
2378 | if (sp != null) | ||
2379 | { | 2379 | { |
2380 | m_log.DebugFormat( | 2380 | CapsModule.NewUserConnection(agent); |
2381 | "[SCENE]: Adjusting known seeds for existing agent {0} in {1}", | ||
2382 | agent.AgentID, RegionInfo.RegionName); | ||
2383 | 2381 | ||
2384 | sp.AdjustKnownSeeds(); | 2382 | ScenePresence sp = m_sceneGraph.GetScenePresence(agent.AgentID); |
2383 | if (sp != null) | ||
2384 | { | ||
2385 | m_log.DebugFormat( | ||
2386 | "[SCENE]: Adjusting known seeds for existing agent {0} in {1}", | ||
2387 | agent.AgentID, RegionInfo.RegionName); | ||
2385 | 2388 | ||
2386 | return true; | 2389 | sp.AdjustKnownSeeds(); |
2387 | } | ||
2388 | 2390 | ||
2389 | // Don't disable this log message - it's too helpful | 2391 | return true; |
2390 | m_log.InfoFormat( | 2392 | } |
2391 | "[CONNECTION BEGIN]: Region {0} told of incoming client {1} {2} {3} (circuit code {4})", | ||
2392 | RegionInfo.RegionName, agent.firstname, agent.lastname, agent.AgentID, agent.circuitcode); | ||
2393 | 2393 | ||
2394 | if (m_regInfo.EstateSettings.IsBanned(agent.AgentID)) | 2394 | // Don't disable this log message - it's too helpful |
2395 | { | 2395 | m_log.InfoFormat( |
2396 | m_log.WarnFormat( | 2396 | "[CONNECTION BEGIN]: Region {0} told of incoming client {1} {2} {3} (circuit code {4})", |
2397 | "[CONNECTION BEGIN]: Incoming user {0} at {1} is on the region banlist", | 2397 | RegionInfo.RegionName, agent.firstname, agent.lastname, agent.AgentID, agent.circuitcode); |
2398 | agent.AgentID, RegionInfo.RegionName); | 2398 | |
2399 | //return false; | 2399 | if (m_regInfo.EstateSettings.IsBanned(agent.AgentID)) |
2400 | } | 2400 | { |
2401 | m_log.WarnFormat( | ||
2402 | "[CONNECTION BEGIN]: Incoming user {0} at {1} is on the region banlist", | ||
2403 | agent.AgentID, RegionInfo.RegionName); | ||
2404 | //return false; | ||
2405 | } | ||
2401 | 2406 | ||
2402 | CapsModule.AddCapsHandler(agent.AgentID); | 2407 | CapsModule.AddCapsHandler(agent.AgentID); |
2403 | 2408 | ||
2404 | if (!agent.child) | 2409 | if (!agent.child) |
2405 | { | ||
2406 | // Honor parcel landing type and position. | ||
2407 | ILandObject land = LandChannel.GetLandObject(agent.startpos.X, agent.startpos.Y); | ||
2408 | if (land != null) | ||
2409 | { | 2410 | { |
2410 | if (land.landData.LandingType == (byte)1 && land.landData.UserLocation != Vector3.Zero) | 2411 | // Honor parcel landing type and position. |
2412 | ILandObject land = LandChannel.GetLandObject(agent.startpos.X, agent.startpos.Y); | ||
2413 | if (land != null) | ||
2411 | { | 2414 | { |
2412 | agent.startpos = land.landData.UserLocation; | 2415 | if (land.landData.LandingType == (byte)1 && land.landData.UserLocation != Vector3.Zero) |
2416 | { | ||
2417 | agent.startpos = land.landData.UserLocation; | ||
2418 | } | ||
2413 | } | 2419 | } |
2414 | } | 2420 | } |
2415 | } | ||
2416 | 2421 | ||
2417 | m_authenticateHandler.AddNewCircuit(agent.circuitcode, agent); | 2422 | m_authenticateHandler.AddNewCircuit(agent.circuitcode, agent); |
2418 | 2423 | ||
2419 | // rewrite session_id | 2424 | // rewrite session_id |
2420 | CachedUserInfo userinfo = CommsManager.UserProfileCacheService.GetUserDetails(agent.AgentID); | 2425 | CachedUserInfo userinfo = CommsManager.UserProfileCacheService.GetUserDetails(agent.AgentID); |
2426 | if (userinfo != null) | ||
2427 | { | ||
2428 | userinfo.SessionID = agent.SessionID; | ||
2429 | } | ||
2430 | else | ||
2431 | { | ||
2432 | m_log.WarnFormat( | ||
2433 | "[CONNECTION BEGIN]: We couldn't find a User Info record for {0}. This is usually an indication that the UUID we're looking up is invalid", agent.AgentID); | ||
2434 | } | ||
2421 | 2435 | ||
2422 | if (userinfo != null) | 2436 | return true; |
2423 | { | ||
2424 | userinfo.SessionID = agent.SessionID; | ||
2425 | } | 2437 | } |
2426 | else | 2438 | else |
2427 | { | 2439 | { |
2428 | m_log.WarnFormat( | 2440 | m_log.WarnFormat("[CONNECTION BEGIN]: failed to authenticate user {0} {1}. Denying connection.", agent.firstname, agent.lastname); |
2429 | "[CONNECTION BEGIN]: We couldn't find a User Info record for {0}. This is usually an indication that the UUID we're looking up is invalid", agent.AgentID); | 2441 | return false; |
2430 | } | 2442 | } |
2443 | } | ||
2431 | 2444 | ||
2432 | return true; | 2445 | public virtual bool AuthenticateUser(AgentCircuitData agent) |
2446 | { | ||
2447 | bool result = CommsManager.UserService.VerifySession(agent.AgentID, agent.SessionID); | ||
2448 | m_log.Debug("[CONNECTION BEGIN]: User authentication returned " + result); | ||
2449 | return result; | ||
2433 | } | 2450 | } |
2434 | 2451 | ||
2435 | public void UpdateCircuitData(AgentCircuitData data) | 2452 | public void UpdateCircuitData(AgentCircuitData data) |